PT-2026-42755 · Apache · Apache Cxf
Colm O Heigeartaigh
·
Published
2026-05-22
·
Updated
2026-06-30
·
CVE-2026-44930
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Apache CXF versions prior to 4.2.1
Apache CXF versions prior to 4.1.6
Apache CXF versions prior to 3.6.11
Description
An LDAP injection issue exists in the LDAP Certificate repository of the XKMS server. This allows an attacker to retrieve arbitrary certificates from the repository. LDAP injection is a technique where malicious LDAP statements are used to manipulate queries sent to a directory server.
Recommendations
Upgrade to version 4.2.1.
Upgrade to version 4.1.6.
Upgrade to version 3.6.11.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Cxf